Biblio

This paper provides an in-depth analysis of Android malware that bypassed the strictest defenses of the Google Play application store and penetrated the official Android market between January 2016 and July 2021. We systematically identified 1,238 such malicious applications, grouped them into 134 families, and manually analyzed one application from 105 distinct families. During our manual analysis, we identified malicious payloads the applications execute, conditions guarding execution of the payloads, hiding techniques applications employ to evade detection by the user, and other implementation-level properties relevant for automated malware detection. As most applications in our dataset contain multiple payloads, each triggered via its own complex activation logic, we also contribute a graph-based representation showing activation paths for all application payloads in form of a control- and data-flow graph. Furthermore, we discuss the capabilities of existing malware detection tools, put them in context of the properties observed in the analyzed malware, and identify gaps and future research directions. We believe that our detailed analysis of the recent, evasive malware will be of interest to researchers and practitioners and will help further improve malware detection tools.

Developers of mobile applications rely on the trust of their customers. On the one hand the requirement exists to create feature-rich and secure apps, which adhere to privacy standards to not deliberately disclose user information. On the other hand the development process must be streamlined to reduce costs. Here third-party libraries come into play. Inclusion of many, possibly nested libraries pose security risks, app-creators are often not aware of. This paper presents a way to combine free open-source tools to support developers in checking their application that it does not induce security issues by using third-party libraries. The tools FlowDroid, Frida, and mitm-proxy are used in combination in a simple and viable way to perform checks to identify privacy leaks of third-party apps. Our proposed setup and configuration empowers average app developers to preserve user privacy without being dedicated security experts and without expensive external advice.

Mobile devices are an inseparable part of our lives. They have made it possible to access all the information and services anywhere at any time. Almost all of the organizations try to provide a mobile device-based solution to its users. However, this convenience has arisen the risk of losing personal information and has increased the threat to security. It has been observed recently that some of the mobile device manufacturers and mobile apps developers have lost the private information of their users to hackers. It has risen a great concern among mobile device users about their personal information. Android and iOS are the major operating systems for mobile devices and share over 99% of the mobile device market. This research aims to conduct a comparative analysis of the security of the components in the Android and iOS operating systems. It analyses the security from several perspectives such as memory randomization, application sandboxing, isolation, encryption, built-in antivirus, and data storage. From the analysis, it is evident that iOS is more secure than Android operating system. However, this security comes with a cost of losing the freedom.

Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JUCIFY approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JUCIFY builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are “unreachable” in apps' callgraphs, both in goodware and malware. Using JUCIFY, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JUCIFY'S model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JUCIFY we can find sensitive data leaks that pass through native code.

Forensic Science comprises a set of technical-scientific knowledge used to solve illicit acts. The increasing use of mobile devices as the main computing platform, in particular smartphones, makes existing information valuable for forensics. However, the blocking mechanisms imposed by the manufacturers and the variety of models and technologies make the task of reconstructing the data for analysis challenging. It is worth mentioning that the conclusion of a case requires more than the simple identification of evidence, as it is extremely important to correlate all the data and sources obtained, to confirm a suspicion or to seek new evidence. This work carries out a systematic review of the literature, identifying the different types of existing image acquisition and the main extraction and encryption methods used in smartphones with the Android operating system.

Security and Controls with Data privacy in Internet of Things (IoT) devices is not only a present and future technology that is projected to connect a multitude of devices, but it is also a critical survival factor for IoT to thrive. As the quantity of communications increases, massive amounts of data are expected to be generated, posing a threat to both physical device and data security. In the Internet of Things architecture, small and low-powered devices are widespread. Due to their complexity, traditional encryption methods and algorithms are computationally expensive, requiring numerous rounds to encrypt and decode, squandering the limited energy available on devices. A simpler cryptographic method, on the other hand, may compromise the intended confidentiality and integrity. This study examines two lightweight encryption algorithms for Android devices: AES and RSA. On the other hand, the traditional AES approach generates preset encryption keys that the sender and receiver share. As a result, the key may be obtained quickly. In this paper, we present an improved AES approach for generating dynamic keys.

Android Operating System becomes a major target for malicious attacks. Static analysis approach is widely used to detect malicious applications. Most of existing studies on static analysis frameworks are limited to certain features. This paper presents an Android Static Analysis Framework (ASAF) which models the overall static analysis phases and approaches for Android applications. ASAF can be implemented for different purposes including Android malicious apps detection. The proposed framework utilizes a parsing tool, Android Static Parse (ASParse) which is also introduced in this paper. Through the extendibility of the ASParse tool, future research studies can easily extend the parsed features and the parsed files to perform parsing based on their specific requirements and goals. Moreover, a case study is conducted to illustrate the implementation of the proposed ASAF.

Mobile antivirus technologies incorporate static analysis which involves the analysis of programs without its execution. This process relies on pattern matching against a signature repository to identify malware, which can be easily tricked by transformation techniques such as obfuscation. Obfuscation as an evasion technique renders character strings disguised and incomprehensive, to prevent tampering and reengineering, which poses to be a valuable technique malware developers adopt to evade detection. This paper attempts to study the detection efficiency of static analyzers against obfuscated Android malware. This study is the first step in a larger project attempting to improve the efficiency of malware detectors.

The Android application market will conduct various security analysis on each application to predict its potential harm before put it online. Since almost all the static analysis tools can only detect malicious behaviors in the Java layer, more and more malwares try to avoid static analysis by taking the malicious codes to the Native layer. To provide a solution for the above situation, there's a new research aspect proposed in this paper and defined as Inter-language Static Analysis. As all the involved technologies are introduced, the current research results of them will be captured in this paper, such as static analysis in Java layer, binary analysis in Native layer, Java-Native penetration technology, etc.

Mobile security remains a concern for multiple stakeholders. Safe user behavior is crucial key to avoid and mitigate mobile threats. The research used a survey design to capture key constructs of mobile user threat avoidance behavior. Analysis revealed that there is no significant difference between the two key drivers of secure behavior, threat appraisal and coping appraisal, for Android and iOS users. However, statistically significant differences in avoidance motivation and avoidance behavior of users of the two operating systems were displayed. This indicates that existing threat avoidance models may be insufficient to comprehensively deal with factors that affect mobile user behavior. A newly introduced variable, perceived security, shows a difference in the perceptions of their level of protection among the users of the two operating systems, providing a new direction for research into mobile security.

We analyze the prandom pseudo random number generator (PRNG) in use in the Linux kernel (which is the kernel of the Linux operating system, as well as of Android) and demonstrate that this PRNG is weak. The prandom PRNG is in use by many "consumers" in the Linux kernel. We focused on three consumers at the network level – the UDP source port generation algorithm, the IPv6 flow label generation algorithm and the IPv4 ID generation algorithm. The flawed prandom PRNG is shared by all these consumers, which enables us to mount "cross layer attacks" against the Linux kernel. In these attacks, we infer the internal state of the prandom PRNG from one OSI layer, and use it to either predict the values of the PRNG employed by the other OSI layer, or to correlate it to an internal state of the PRNG inferred from the other protocol.Using this approach we can mount a very efficient DNS cache poisoning attack against Linux. We collect TCP/IPv6 flow label values, or UDP source ports, or TCP/IPv4 IP ID values, reconstruct the internal PRNG state, then predict an outbound DNS query UDP source port, which speeds up the attack by a factor of x3000 to x6000. This attack works remotely, but can also be mounted locally, across Linux users and across containers, and (depending on the stub resolver) can poison the cache with an arbitrary DNS record. Additionally, we can identify and track Linux and Android devices – we collect TCP/IPv6 flow label values and/or UDP source port values and/or TCP/IPv4 ID fields, reconstruct the PRNG internal state and correlate this new state to previously extracted PRNG states to identify the same device.

A door enables you to enter a room without breaking through a wall. Also, a door enables you for privacy, environmental or security reasons. The problem statement which is the biometric system sometimes is sensitive and will not be able to sense the biological pattern of the employer’s fingerprint due to sweat and other factors. Next, people tend to misplace their key or RFID card. Apart from that, people tend to forget their pin number for a door lock. The objective of this paper is to present a secret knock intensity for door lock security system using Arduino and mobile. This project works by using a knock intensity and send the information to mobile application via wireless network to unlock or lock the door.

These days, almost everyone has been entirely relying on mobile devices and mobile related applications running on Android Operating Systems, the most used Mobile Operating System in the world with the largest market share. These Mobile devices and applications can become an information goldmine for hackers and are considered one of the significant concerns mobile users face who stand a chance of being victimized during data breach from hackers due to lapse in information security and controls. Such challenge can be put to bare through systematic digital forensic analysis through penetration testing for a humanoid robot like Zenbo, which run Android OS and related application, to help identify associated security vulnerabilities and develop controls required to improve security using popular penetration testing tools such as Drozer, Mobile Application Security framework (mobSF), and AndroBugs with the help of Santoku Linux distribution.

Today the mobile devices are more and more present in our lives, and the mobile applications market has experienced a sharp growth. Most of these applications are made to make our daily lives easier, and for this a large part of them consume various web services. Given this transition, from desktop and web applications to mobile applications, many critical services have begun to expose their APIs for use by such application clients. Unfortunately, this transition has paved the way for new vulnerabilities, vulnerabilities used to compress cloud services. In this article we analyzed the main security problems and how they can be solved using the attestation services, the services that indicate that the device running the application and the client application are genuine.

The recent analysis indicates more than 250,000 people in the United States of America (USA) die every year because of medical errors. World Health Organisation (WHO) reports states that 2.6 million deaths occur due to medical and its prescription errors. Many of the errors related to the wrong drug/dosage administration by caregivers to patients due to indecipherable handwritings, drug interactions, confusing drug names, etc. The espousal of Mobile-based speech recognition applications will eliminate the errors. This allows physicians to narrate the prescription instead of writing. The application can be accessed through smartphones and can be used easily by everyone. An application program interface has been created for handling requests. Natural language processing is used to read text, interpret and determine the important words for generating prescriptions. The patient data is stored and used according to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) guidelines. The SMS4-BSK encryption scheme is used to provide the data transmission securely over Wireless LAN.

Attacks on mobile devices have gained a significant amount of attention lately. This is because more and more individuals are switching to smartphones from traditional non-smartphones. Therefore, attackers or cybercriminals are now getting on the bandwagon to have an opportunity at obtaining information stored on smartphones. In this paper, we present an Android mobile application that will aid to minimize data exfiltration from attacks, such as, Acoustic Side-Channel Attack, Clipboard Jacking, Permission Misuse and Malicious Apps. This paper will commence its inception with an introduction explaining the current issues in general and how attacks such as side-channel attacks and clipboard jacking paved the way for data exfiltration. We will also discuss a few already existing solutions that try to mitigate these problems. Moving on to the methodology we will emphasize how we came about the solution and what methods we followed to achieve the end goal of securing the smartphone. In the final section, we will discuss the outcomes of the project and conclude what needs to be done in the future to enhance this project so that this mobile application will continue to keep the user's data safe from the criminals' grasps.

In an increasingly connected world where products are just a click away, there is a growing need for systems that seek to equip consumers with the necessary tools to identify misrepresented products. Sub-standard ingredients used in the production of sanitary towels can pose a serious health risk to the consumer. Informal retailers or Spaza-shops have been accused of selling counterfeit food products to unsuspecting consumers. In this paper, we propose a system that can be used by consumers to scan a quick response (QR) code printed on the product. Built into an android application, is a system that applies the RSA public key encryption algorithm to secure the data prior to encoding into the QR code. The proposed system is also responsible for updating location data of previous scans on a dedicated cloud database. Upon completion of a field test, having collected months of consumer data, counterfeit prediction can be improved. In addition, a timely warning can be sent to a customer and relevant authorities if a unique product batch number is scanned outside of an expected area.

At present, the detection of encrypted ransomware under the Android platform mainly relies on analyzing the API call of the encryption function. But for ransomware that uses a custom encryption algorithm, the method will be invalid. This article analyzed the files before and after encryption by the ransomware, and found that there were obvious changes in the information entropy and file name of the files. Based on this, this article proposed a detection method for encrypted ransomware under the Android platform. Through pre-setting decoy files and the characteristic judgment before and after the execution of the sample to be tested, completed the detection and judgment of the ransomware. Having tested 214 samples, this method can be porved to detect encrypted ransomware accurately under the Android platform, with an accuracy rate of 98.24%.

Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto hash functions and encryption algorithms, for example, can guarantee properties such as integrity and confidentiality. Developers, however, can misuse the application programming interfaces (API) of such algorithms by using constant keys and weak passwords. This paper presents CRYLOGGER, the first open-source tool to detect crypto misuses dynamically. CRYLOGGER logs the parameters that are passed to the crypto APIs during the execution and checks their legitimacy offline by using a list of crypto rules. We compared CRYLOGGER with CryptoGuard, one of the most effective static tools to detect crypto misuses. We show that our tool complements the results of CryptoGuard, making the case for combining static and dynamic approaches. We analyzed 1780 popular Android apps downloaded from the Google Play Store to show that CRYLOGGER can detect crypto misuses on thousands of apps dynamically and automatically. We reverse-engineered 28 Android apps and confirmed the issues flagged by CRYLOGGER. We also disclosed the most critical vulnerabilities to app developers and collected their feedback.

A recent research shows that 88 % of Android applications that use cryptographic APIs make at least one mistake. For this reason, several tools have been proposed to detect crypto API misuses, such as CryptoLint, CMA, and CogniCryptSAsT. However, these tools depend heavily on manually designed rules, which require much cryptographic knowledge and could be error-prone. In this paper, we propose an approach based on probabilistic models, namely, hidden Markov model and n-gram model, to analyzing crypto API usages in Android applications. The difficulty lies in that crypto APIs are sensitive to not only API orders, but also their arguments. To address this, we have created a dataset consisting of crypto API sequences with arguments, wherein symbolic execution is performed. Finally, we have also conducted some experiments on our models, which shows that ( i) our models are effective in capturing the usages, detecting and locating the misuses; (ii) our models perform better than the ones without symbolic execution, especially in misuse detection; and (iii) compared with CogniCryptSAsT, our models can detect several new misuses.

Ransomware attack is posting a serious threat against Android devices and stored data that could be locked or/and encrypted by such attack. Existing solutions attempt to detect and prevent such attack by studying different features and applying various analysis mechanisms including static, dynamic or both. In this paper, recent ransomware detection solutions were investigated and compared. Moreover, a deep analysis of android permissions was conducted to identify significant android permissions that can discriminate ransomware with high accuracy before harming users' devices. Consequently, based on the outcome of this analysis, a permissions-based ransomware detection system is proposed. Different classifiers were tested to build the prediction model of this detection system. After the evaluation of the ransomware detection service, the results revealed high detection rate that reached 96.9%. Additionally, the newly permission-based android dataset constructed in this research will be made available to researchers and developers for future work.

The Security available in personal computers and laptops are not possible in mobile communication, since there is no controlling software such as an operating system. The European Union General Data Protection Regulation (GDPR) will require many organisations throughout the European Union to comply with new requirements that are intended to protect their user's personal data. The responsibilities of the organizations and the penalties related to the protection of personal data of the users are proved to be both organisationally and technically challenging. Under the GDPR's 'privacy by design' and 'privacy by default' requirements, organizations need to prove that they are in control of user data and have taken steps to protect it. There are a large number of organizations that makes use of mobile devices to process personal data of their customers. GDPR mandates that the organization shall be able to manage all devices that handles sensitive data so that the company can implement group updates, restrict apps and networks, and enforce security measures. In this work, we propose a Mobile Device Management solution using the built-in frameworks of Android and iOS mobile platforms which is compatible and incorporates GDPR articles relevant to a small to medium sized organization.

Android gives us opportunity to extract meaningful information from metadata. From the security point of view, the missing important information in metadata of an application could be a sign of suspicious application, which could be directed for extensive analysis. Especially the usage of dangerous permissions is expected to be explained in app descriptions. The permission-to-description fidelity problem in the literature aims to discover such inconsistencies between the usage of permissions and descriptions. This study proposes a new method based on natural language processing and recurrent neural networks. The effect of user reviews on finding such inconsistencies is also investigated in addition to application descriptions. The experimental results show that high precision is obtained by the proposed solution, and the proposed method could be used for triage of Android applications.

This paper deals with the design and development of a Li-Fi (light fidelity) simplex communication system for data exchange between Android mobile devices. Li-Fi is an up-to-date technology in the modern world, since it uses visible light for data exchange, allowing for high-speed communication. The paper includes a brief review of Li-Fi technology, a review of the literature used, and a study of technological methods for implementing such systems, based on scientific sources. We propose the algorithms for data exchange, packet formation, and encryption-decryption. The paper presents the developed mobile application and the transceiver device, the development results, as well as experiments with the developed prototype. The results show that Li-Fi technology is workable and is a good alternative to existing communication methods.

The development of mobile internet has brought convenience to people, but the openness and diversity of mobile Internet make it face the security threat of communication privacy data disclosure. In this paper, a trusted android device security communication method based on TrustZone is proposed. Firstly, Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm is used to make both parties negotiate the session key in the Trusted Execution Environment (TEE), and then, we stored the key safely in the TEE. Finally, TEE completes the encryption and decryption of the transmitted data. This paper constructs a secure communication between mobile devices without a trusted third party and analyzes the feasibility of the method from time efficiency and security. The experimental results show that the method can resist malicious application monitoring in the process of data encryption and ensures the security of the session key. Compared with the traditional scheme, it is found that the performance of the scheme is not significantly reduced.